Run exec-server fs operations through sandbox helper (#17294)

## Summary - run exec-server filesystem RPCs requiring sandboxing through a `codex-fs` arg0 helper over stdin/stdout - keep direct local filesystem execution for `DangerFullAccess` and external sandbox policies - remove the standalone exec-server binary path in favor of top-level arg0 dispatch/runtime paths - add sandbox escape regression coverage for local and remote filesystem paths ## Validation - `just fmt` - `git diff --check` - remote devbox: `cd codex-rs && bazel test --bes_backend= --bes_results_url= //codex-rs/exec-server:all` (6/6 passed) --------- Co-authored-by: Codex <noreply@openai.com>
2026-04-29 00:55:38 +00:00 · 2026-04-12 18:36:03 -07:00
parent 7c1e41c8b6
commit d626dc3895
52 changed files with 2313 additions and 895 deletions
--- a/codex-rs/app-server/src/fs_api.rs
+++ b/codex-rs/app-server/src/fs_api.rs
@@ -46,7 +46,7 @@ impl FsApi {
    ) -> Result<FsReadFileResponse, JSONRPCErrorError> {
        let bytes = self
            .file_system
-            .read_file(&params.path)
+            .read_file(&params.path, /*sandbox*/ None)
            .await
            .map_err(map_fs_error)?;
        Ok(FsReadFileResponse {
@@ -64,7 +64,7 @@ impl FsApi {
            ))
        })?;
        self.file_system
-            .write_file(&params.path, bytes)
+            .write_file(&params.path, bytes, /*sandbox*/ None)
            .await
            .map_err(map_fs_error)?;
        Ok(FsWriteFileResponse {})
@@ -80,6 +80,7 @@ impl FsApi {
                CreateDirectoryOptions {
                    recursive: params.recursive.unwrap_or(true),
                },
+                /*sandbox*/ None,
            )
            .await
            .map_err(map_fs_error)?;
@@ -92,7 +93,7 @@ impl FsApi {
    ) -> Result<FsGetMetadataResponse, JSONRPCErrorError> {
        let metadata = self
            .file_system
-            .get_metadata(&params.path)
+            .get_metadata(&params.path, /*sandbox*/ None)
            .await
            .map_err(map_fs_error)?;
        Ok(FsGetMetadataResponse {
@@ -109,7 +110,7 @@ impl FsApi {
    ) -> Result<FsReadDirectoryResponse, JSONRPCErrorError> {
        let entries = self
            .file_system
-            .read_directory(&params.path)
+            .read_directory(&params.path, /*sandbox*/ None)
            .await
            .map_err(map_fs_error)?;
        Ok(FsReadDirectoryResponse {
@@ -135,6 +136,7 @@ impl FsApi {
                    recursive: params.recursive.unwrap_or(true),
                    force: params.force.unwrap_or(true),
                },
+                /*sandbox*/ None,
            )
            .await
            .map_err(map_fs_error)?;
@@ -152,6 +154,7 @@ impl FsApi {
                CopyOptions {
                    recursive: params.recursive,
                },
+                /*sandbox*/ None,
            )
            .await
            .map_err(map_fs_error)?;